Online threats have evolved over the years to be very sophisticated. An attacker has many methods available to trick a user into revealing sensitive information. For example, phishing is an attempt to acquire sensitive information by masquerading as a trustworthy entity. Online banks and payment services are common targets. Phishing is typically carried out through an email containing a link that may direct users to an authentic-looking, but nevertheless non-authentic, website. Once the user is at the website, he may be asked to enter sensitive information for verification purposes. When the user types in a username and password, that sensitive information is compromised.
Another common threat is the man-in-the-middle attack. An attacker creates an authentic-looking but counterfeit website (e.g., bank) and lures users to it. A user, thinking he is at his authentic bank website, types in a username and password, and the attacker uses them to access the user's real bank website. The user doesn't realize until some time later that the attacker has completed transactions against his account. In this case, the user isn't able to authenticate the bank and the bank isn't able to authenticate the user. Many other security vulnerabilities exist on the Internet.
Mutual authentication refers to two parties authenticating each other. Typically, users authenticate themselves to a server (e.g., web server) and the server authenticates itself to the user in such a way that both parties are assured of the other's identity.